Wireshark/Capture filter

From Wikiversity
Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and filter network traffic using a capture filter.

Readings

  1. Wireshark: Capture Filters

Preparation

To prepare for this activity:

  1. Start Windows.
  2. Log in if necessary.
  3. Install Wireshark.

Activity 1 - Capture Network Traffic Using a Capture Filter

To capture network traffic using a capture filter:

  1. Open the Interfaces dialog box, either from the Capture menu or with the List the available capture interfaces toolbar button.
  2. Select Options.
  3. Double-click on the interface you want to use for the capture.
  4. In the Capture Filter box type host 8.8.8.8.
  5. Select OK to save the changes.
  6. Select Start to start a Wireshark capture.
  7. Use ping 8.8.8.8 to ping an Internet host by IP address.
  8. Use ping 8.8.4.4 to ping an Internet host by IP address.
  9. Observe that only traffic to (destination) or from (source) IP address 8.8.8.8 is captured.
  10. Stop the Wireshark capture.
  11. Close Wireshark to complete this activity. Quit without Saving to discard the captured traffic.
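
The following is an added example, not part of the original activity: it reproduces the decision the capture filter host 8.8.8.8 makes for IPv4 packets (keep the packet when the source or the destination address matches) and runs it over four constructed ping packets like the ones generated in steps 7 and 8. The local address 192.0.2.10 and all function names are assumptions made for illustration; the real filter is compiled by libpcap and also covers ARP and RARP addresses, which this sketch leaves out.

```python
import ipaddress
import struct

def build_ipv4_icmp(src, dst, icmp_type):
    """Build a constructed IPv4 packet carrying a minimal ICMP echo message."""
    # ICMP: type, code, checksum, identifier, sequence (checksums left 0 here)
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(icmp),  # version 4 / IHL 5, TOS, total length
        0, 0,                     # identification, flags and fragment offset
        64, 1, 0,                 # TTL, protocol 1 = ICMP, header checksum
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return header + icmp

def matches_host(packet, host):
    """IPv4 part of the 'host <addr>' test: source OR destination equals addr."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False  # truncated header or not IPv4
    wanted = ipaddress.IPv4Address(host).packed
    return packet[12:16] == wanted or packet[16:20] == wanted

def addresses(packet):
    """Return (source, destination) of an IPv4 packet as dotted strings."""
    return (str(ipaddress.IPv4Address(packet[12:16])),
            str(ipaddress.IPv4Address(packet[16:20])))

def capture(packets, host):
    """Keep only the packets the filter would pass, as (src, dst) pairs."""
    return [addresses(p) for p in packets if matches_host(p, host)]

LOCAL = "192.0.2.10"  # constructed local address (documentation range)
SAMPLE = [            # constructed traffic: two pings and their replies
    build_ipv4_icmp(LOCAL, "8.8.8.8", 8),  # echo request to 8.8.8.8
    build_ipv4_icmp("8.8.8.8", LOCAL, 0),  # echo reply from 8.8.8.8
    build_ipv4_icmp(LOCAL, "8.8.4.4", 8),  # echo request to 8.8.4.4
    build_ipv4_icmp("8.8.4.4", LOCAL, 0),  # echo reply from 8.8.4.4
]

if __name__ == "__main__":
    for src, dst in capture(SAMPLE, "8.8.8.8"):
        print(f"{src} -> {dst}")
```

Because a capture filter is applied before packets are stored, the 8.8.4.4 exchange is never recorded and cannot be recovered later with a display filter.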